VOLUME 39 | ISSUE 39 | 30 October 2014

Article of the Month | Around the World

USB Condoms to protect your Data
Whenever you want to plug your phone into an unknown device to charge it, have you ever thought of the possibility of your data being transferred to a third party? You might come across situations where you have to use charging ports, such as in airports and public charging stations. Every time you use a public charging port, you are at risk. Have you ever heard the term "USB Condom"? Security experts have created this device, which allows you to charge your smartphone or tablet without risking accidental syncing of private data or contracting a computer virus.

Fake charging ports have been set up to steal your sensitive private data. When you plug your mobile phone into an unknown computer to charge it, there will be a program running in the background to take a backup of all your sensitive and personal data.

USB cables are actually composed of several entwined wires, wrapped in a single protective covering. Some of the wires allow data transfer, while two provide five volts of electricity. To charge a device you only need the power wires, not the data wires, which can actually put you at risk of unnecessary data transfer or infection by malware.

The USB Condom is a small chip with a male and a female port. You plug your USB cable into the female port of the USB Condom and then plug the male port of the USB Condom into the PC or the unknown device. The USB Condom connects only the wires that transfer power, severing any kind of data connection.

In the wrong hands, the data from your phone is more valuable than the phone itself, so there is plenty of motivation for the bad guys to pursue juice-jacking. May the gods of USB have mercy on your data if you plug into a public USB port within 50 miles of the annual DefCon security conference in Las Vegas. This is a place where using public WiFi or ATMs is extremely risky. If there is anywhere juice-jacking is likely to occur, it's there.

If the makers of the USB condom have any sense, they'll set up shop at next year's DefCon and make a boatload of cash selling their smartphone prophylactics. It will come in both mini and micro USB flavors. There is no price listed on the USB condom's page yet, but can you really put a price on that kind of peace of mind?

Saranga Anjana Wijeratna
Saranga is an undergraduate at the Informatics Institute of Technology, currently following the BEng (Hons) Software Engineering programme. He is currently working as an Intern - Information Security Engineer at Sri Lanka CERT|CC.
SELFIES COULD REPLACE THE PASSWORD
'....The Obama administration's top cybersecurity official wants to get rid of passwords.
"Frankly, I would love to kill the password dead as a primary security method, because it's terrible," said Michael Daniel, the White House cybersecurity coordinator, during a discussion Thursday hosted by the Center for National Policy and The Christian Science Monitor......'

iOS vs. Android: Which is more secure?
'..With millions of new iOS and Android devices pouring into the enterprise every quarter, it's important to know just how much risk these devices bring -- and if one mobile operating system has an edge over another when it comes to securing enterprise applications and data....'

DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
'....A little-known Department of Homeland Security program for providing liability protection to US firms in the wake of terrorist or other attacks could also provide shelter for firms facing legal action in the wake of a cyberattack.
Brian Finch, a partner with the law firm Pillsbury Winthrop Shaw Pittman LLP and a cybersecurity legal expert, says the DHS's so-called SAFETY Act, which protects certified providers of anti-terrorism products and services, also can apply to providers of cyber security products and services -- and even to the cybersecurity policies of major corporations in the event of an attack.....'

With mobile devices, many firms are playing Russian roulette with cybersecurity
'...As head of a Michigan-based cybersecurity firm, Larry Ponemon has studied data breaches including the hacking of Target credit cards, and Chinese and other international cyber espionage. But his favorite incident, he says, was small, avoidable and probably victimless.
It involved a doctor and a tablet (tablet as in iPad, not medication). The physician's health-care network had just upgraded its data storage system, and he was given an iPad that he could carry from the hospital to his home in which he collected patient information that would go directly to a cloud-based bank of medical records....'
EU to vote On Stiffer Penalties For Hackers
Member states of the European Union might soon be creating new laws that will raise minimum prison sentences for convicted cyber attackers and botnet herders. Last week, the European Parliament committee on Civil Liberties, Justice and Home Affairs approved a draft for a directive whose objective is to "approximate rules on criminal law in the Member States in the area of attacks against information systems, and improve cooperation between judicial and other competent authorities." The proposal is scheduled to be voted on by the European Parliament in July, and if the draft gets approved, the directive will become a concrete proposal on the basis of which member states will be urged to model their laws regarding attacks against information systems.
Cisco tells users to lock down WebEx to prevent snooping
'...Cisco has warned customers to lock down WebEx after a security researcher and journalist found many big-name companies left some online meetings open for anyone to join....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in September 2014
Statistics - Sri Lanka CERT|CC
What to consider when choosing a password manager
...Many security experts feel that passwords are no longer sufficient to keep online accounts safe from hackers, but we're still a long way from widespread adoption of biometrics and alternative methods of authentication...

IS THIS THE YEAR CYBERSECURITY AWARENESS SINKS IN
'....We live in a dangerous world. Amid unrest in growing parts of the physical world, the threat landscape has long since expanded into the virtual sphere -- where boundaries don't exist and laws that govern warfare play catch-up.
The White House has declared cyber threats "one of the gravest national security dangers" the nation faces because of their potential damaging effect on critical infrastructure and the overall economy...'

"BEYOND THE LAW?" FBI DIRECTOR CRITICIZES APPLE, GOOGLE PRIVACY FEATURES
'...The FBI director criticized Apple and Google Thursday for adopting new policies that will block police from accessing private data on phones and tablet computers.
An FBI spokesman confirmed that Director James Comey told reporters he is "very concerned" that the new features could thwart critical police investigations. The bureau has contacted both companies to learn more, the spokesman said....'
Notice Board
Training and Awareness Programmes - October 2014

Date | Event | Venue
October 1st | A/L Training programme | Education Leadership Development Center, Meepe
October 01-03 | NCOE Teachers Training | ICT lab, Ministry of Education
October 09-15 | A/L Training programme | Education Leadership Development Center, Meepe
October 20-24 | NCOE Teachers Training | ICT lab, Ministry of Education
October 20 | ICT Forum 2014 | Cinnamon Grand Hotel
October 21 | Handing over ceremony of SMART Classroom equipment | Mahinda Rajapaksha V., Pitipana, Homagama
October 23-27 | SMART Classroom training | Mahinda Rajapaksha V., Pitipana, Homagama
October 24 | Awareness programme for Mahindodaya Secondary School principals and IT teachers in North Western Province | Kandyan Reach Hotel, Kurunegala
October 28-31 | A/L Training programme | Education Leadership Development Center, Meepe
October 28 | Setting up of National e-learning platform with the view of introducing systematic e-learning system with road map for the entire general education system in Sri Lanka | CETRAC, Pelawatta
October 27-31 | NCOE Teachers Training | ICT lab, Ministry of Education